CVE-2015-3145
24.04.2015, 14:59
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.Enginsight
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| canonical | ubuntu_linux | 15.04 |
| debian | debian_linux | 7.0 |
| haxx | curl | 7.31.0 |
| haxx | curl | 7.32.0 |
| haxx | curl | 7.33.0 |
| haxx | curl | 7.34.0 |
| haxx | curl | 7.35.0 |
| haxx | curl | 7.36.0 |
| haxx | curl | 7.37.0 |
| haxx | curl | 7.37.1 |
| haxx | curl | 7.38.0 |
| haxx | curl | 7.39.0 |
| haxx | curl | 7.40.0 |
| haxx | curl | 7.41.0 |
| apple | mac_os_x | 10.10.0 |
| apple | mac_os_x | 10.10.1 |
| apple | mac_os_x | 10.10.2 |
| apple | mac_os_x | 10.10.3 |
| apple | mac_os_x | 10.10.4 |
| oracle | solaris | 11.3 |
| haxx | libcurl | 7.30.0 |
| haxx | libcurl | 7.31.0 |
| haxx | libcurl | 7.32.0 |
| haxx | libcurl | 7.33.0 |
| haxx | libcurl | 7.34.0 |
| haxx | libcurl | 7.35.0 |
| haxx | libcurl | 7.36.0 |
| haxx | libcurl | 7.37.0 |
| haxx | libcurl | 7.37.1 |
| haxx | libcurl | 7.38.0 |
| haxx | libcurl | 7.39 |
| haxx | libcurl | 7.40.0 |
| haxx | libcurl | 7.41.0 |
| hp | system_management_homepage | 𝑥 ≤ 7.5.3.1 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 13.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References